Secure university data, share responsibly

All users of university data have a responsibility to help keep that data secure. While some information in the data warehouse might be publicly available, such as data from the National Institutes of Health, nearly everything generated by a university source system requires some level of security to access.

In Cognos, each user’s access can be customized to ensure that user only sees the data they are secured to, but BIDW recognizes that most users are running reports and doing analysis to share with others outside the Cognos security framework. And with the recent addition of Tableau Server to our toolbox, sharing data has become easier than ever. With that in mind, we ask all Cognos and Tableau users to remember a few key things about data security:

Keep track of your downloads. Once a data file is downloaded to your device you are responsible for keeping that file secure. Don’t place data files in shared folders where you don’t know who might access it. Encrypt data files containing identifying information, delete files you don’t need to keep, and empty your recycle bin.

Know your audience before you share. Ensure that you are only sharing your data with people who would have access to it in the source systems. If they shouldn’t see it in HRMS, for example, they should not see it in your report.

Think before you email. Even if the person you’re sharing a report with has the appropriate security for the data, remember that university email does NOT. The recommended way to share university data is in a WUSTL Box folder, which meets all criteria for the highest level of information security needed by the university.

Embed with extreme caution. When working in Tableau you may have an option to grab a code snippet and embed a data visualization on a website. Do not do this unless you are absolutely certain that everyone who might possibly see that site has the appropriate level of security to access all the university data in your visualization.

As a data user, you are ultimately responsible for the security of the data you are working with, in any tool or format. It is essential to be mindful of what information is visible in a report and how it is circulated amongst your colleagues. If you have questions about data security, email infosec@wustl.edu.